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“Cryptography [without system 
integrity] is like investing in an armored 
car to carry money between a customer 
living in a cardboard box and a person 


doing business on a park bench.” 
— Gene Spafford © 2020 Philip Koopman J 


Cryptography Overview Nilo 


University 


= Anti-Patterns for Cryptography Preto Nae oP dee? 
e Using a home-made cryptographic algorithm Ae ee 
e Using private key when public key is required 
e Not considering key distribution in design ie ie eee a 

= Cryptography terms: 


ae PLAINTEXT BITS 
e Plaintext: the original data Jr 2 Pt PO 
Ciphertext: data after a encryption 


| ioe 
e Encryption: converting plaintext to ciphertext ta: 
@ 


PP 
63" "ae . &C 0 
Avalanche effect: CIPHERTEXT BITS 


— Confusion: multiple bits in plaintext are combined to make a ciphertext bit 
— Diffusion: each bit of plaintext affects many bits of ciphertext 


— Ideally, ciphertext is random function of plaintext bits © 2020 Philip Koopman 2 
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Classical Cryptography Mellon 








niversity 
= Simple substitution cipher (Caesar Cipher) 
e “IBM” left shifted 1 becomes “HAL” — 4 or 5 bit key (26 wheel positions) 
0.14 
0.12 
0.1 
& oe 
3 0.06 
The action of a Caesar cipher is to replace each oH ° 0.04 
plaintext letter with a different one a fixed number of 
places down the alphabet. The cipher illustrated here ane 
— = uses a left shift of three, so that (for example) each : 
se ge age ad re occurrence of E in the plaintext becomes B in the spedefoniskimacparstuvways 
erDisk2000.jpg ciphertext. https://en.wikipedia.org/wiki/Caesar_cipher a 
The distribution of letters in a typical sample of oH 
» ; . English language text has a distinctive and predictable 
a Readily broken Via frequency analysis shape. A Caesar shift "rotates" this distribution, and it is 


possible to determine the shift by examining the resultant 


e Most common letters correspond to E, T, A, O, eee frequency graph. _https://en.wikipedia.org/wiki/Caesar_cipher 
e Gives secrecy but not explicit integrity © 2020 Philip Koopman 3 
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Mellon 
University 
Complex eubSIUeN Cipher np a 
e German “Enigma’ machine bon | 
rT ” ° if 
The “Bombe” broke Enigma “-o 











e Electromechanical sequencing to search 
for correlations using guessed plaintext 


—- See the movie: “The Imitation Game” 








Right rotor 
advanced 
one position 











The scrambling actionof ™ 
Enigma’s rotors is shown for 

f two consecutive letters with 

a the right-hand rotor moving 

(3 one position between them. 
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https://en.wikipedia.org/wiki/Enigma_ machine 
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Cryptography Spawned Modern Computers 


a ae 
7 a 


= Colossus: 1943 - 1945 B Mittra. 
First stored-program computer ay 


e Broke German High Command Lorenz cipher 


e Vacuum tube 
technology & 


— Statistical 
analysis 
of radio 
intercepts 








i iS a a 
By 






ry" 
ee. . » ¥ 
——— “24 
















| 


a | . - i Tp 
* 
‘ « = . 
* } a rots * en 4 
Bey +: Pettt ey ai. — St 
: 3 
\ : bests ti ttttmet rts eae 
. tes a. oe 
~ > | 
4 — Six r4 af 
aoe pees 7 « ~ 
dl zit! ut i 3 x < 
‘a -3 3} 7 H  * i 
¥ ‘as : ] 
‘a ; 
\ ; — : = 







\ j 
\ 


A 






\\ 
\\\\' 






a aa 


+t? 
© 2020 Philip Koopman 


Modern Cryptography Mello 
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= Data Encryption Standard (DES) — 1975 a 
e Break data to be encrypted into 64-bit blocks 
e 56 bit secret key used to control encryption and decryption 


— Run forward for encryption; run “backward” for decryption 


— Key size (presumably) chosen so “only” NSA could decrypt 
» (See: NOBUS “NObody BUt Us”) 


= Publicly broken in 1998 a 


e $250,000 FPGA 
hardware 


e Brute force search 
all 2°° DES keys 
in a few days 
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The EFF's US$250,000 DES 
cracking machine contained 1,856 
custom chips and could brute force a 
DES key in a matter of days—the 
photo shows a DES Cracker circuit 


a fitted with several Deep Crack Ciphertext (64 bits) 
chips. 
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Figure 1— The overall Feistel structure of a 
DES 
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_ Current-Day Cryptography Mellon 


= Advanced Encryption Standard (AES / Rijdael) — 2001 
e Data to be encrypted into 128-bit blocks 
e Secret key of 128, 192, or 256 bits (e.g., AES-256) 
e Four stages per round: 
— Substitution of byte values: SubBytes 
— Shift rows of bytes: ShiftRows 
— Multiply each column by Matrix: MixColumns 
— XOR with round secret key: AddRoundKey 


e As far as we know, AES is still OK 
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Public Key Cryptography es 


University 


=m Previous ciphers were symmetric key 


e Same key used to encrypt and decrypt 
m Public key cryptography = asymmetric key pairs 


B Oe S Secret Key 







Alice's 


Public key: not secret > known to everyone public key 


Private key: secret key = known only to key owner 
Special math relationship for key pairs 

—- e.g., PublicKey based on product of two prime numbers 
Determining secret key given public key is difficult Bile, Decret nae Ow 

—- e.g., SecretKey based on prime factors of PublicKey soreoled _ 
Large key size — 2048 or 3072 bit keys Mattes he a ee Satan 
— Sparse key space; only need to find a prime factor half that size to break crypto 





- Public Key 





= Encrypt(BobSecret, AlicePublic) = only Alice can read 
e Alice performs Decrypt(BobPublic, AliceSecret) 
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secure Hashing & Digital Signatures Ta 





= Cryptography can also be used to ensure integrity via creating a digest 
e Non-secure example: checksum/CRC ensures message integrity 


e Advantage: usually a blanket export exemption 


=m Hashing: Symmetric cryptography 


Secret key used to create digest of data 


Same secret key used to check validity 


Sender & receiver must both have secret key 


— Receiver can forge a signature! 


= Signing: Asymmetric cryptography 


e Secret key used to create digest of data 


e Public key used to check validity 
e Receiver cannot forge a signature 


Input Digest 
ee DFCD 3454 BBEA 788A 751A 
eal 696C 24D9 7009 CA99 2D17 
eas 0086 46BB FB7D CBE2 823¢ 
Pcie ACC7 6CD1 90B1 EE6E 3ABC 
ee 8FD8 7558 7851 4F32 D1C6 
eine 76B1 79A9 ODA4 AEFE 4819 
ae FCD3 7FDB 5AF2 C6FF 915F 
Puri D401 COA9 7D9A 46AF FB45 
- eee 8ACA D682 D588 4C75 4BF4 
- Fen 1799 7D88 BCF8 92B9 6A6C 


im 



















A cryptographic hash function (specifically SHA-1) at work. A 
small change in the input (in the word "over") drastically changes 
the output (digest). This is the so-called avalanche effect. 


https://en.wikipedia.org/wiki/Cryptographic hash function 
© 2020 Philip Koopman 9 
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Certificates and PKI Mellon 


“i University 
= Digital certificate 


e Binds Identity with a Public Key 
— How do you know BobPublickey is really from Bob? 













= Elements of Public Key Infrastructure 
e Certificate Authority 


— Generates asymmetric key pairs 
— Sends you a private key; sends VA your public key 
e Registration Authority Sates Geineeabass 
https://en.wikipedia.org/wiki/Public_k 
— Handles personal identification (e.g., checks passport against person) for CA 
e Validation Authority 
—- Provides access to Database of {Identity, PublicKey} pairs (digitally signed by CA) 
» If you know public key of CA, you can check validity of signed {Identity, PublicKey} pairs off-line 
— Handles key revocation if key is compromised (requires on-line access!) 


Diagram of a public key infrastructure 


ey_ infrastructure 
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Key Material Distribution ae 
m= Secret keys need to get to each device Alice 


e Each device should have a unique random secret key 
— Also, should have manufacturer public key 

e Ideally: 
— Device SecretKey — to encrypt outgoing messages 


— Device Signed PublicKey -— tell factory your public key Public transport 
» (Signed by factory so factory to authenticate it is a legitimate device) ——— 


Common paint 


Secret colours 
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» Database of devices will go stale; need device to self-authenticate = Eas NE saation 
| ) ve 
— Factory PublicKey — to receive messages+tupdates from factory — — 
— Secret colours i 





= Typical encryption use 
e Use public key crypto to exchange symmetric “session key” are ET 
ustration O e€ Ville—neniman Key 
e Use symmetric crypto for actual communications SIE 


Common secret 





id 
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Best Practices For Cryptography Snes 


University 


= Use well known, standard crypto 
e Private key: faster, but both sides have the key 
e Public key: no sender key in captured receiver 
e Ensure you use a large enough key 
— Deal with key management, including revocation 
e Use hashing/signature when possible 





= Pitfalls: 
e Assume that any home-made cryptographic algorithm is insecure 
e How you use encryption is also tricky; don't invent your own protocols 
e Cryptographic algorithms in books can have bugs 


— Get an up-to-date, maintained crypto library from a reputable source 
© 2020 Philip Koopman 12 


FACEBOOK GMAIL 





IF SOMEONE. STEALS MY LAPTOP WHILE I'M 
LOGGED IN, THEY CAN READ MY EMAIL, TAKE MY 
MONEY AND IMPERSONATE. ME. TO MY FRIENDS, 


BUT AT LEAST THEY CANT INSTALL 
https://xked.com/1200/ DRIVERS WITHOUT MY PERMISSION. 


